Hi all,
I'm searching for a plugin which can multiple encode a payload.
Does such a thing exist in w3af?
The idea is as follows:
given the url like
/path/foo<u>xss/other
I want to test these variants:
/path/foo<u>xss/other
/path/foo%3Cu%3Exss/other
/path/foo%253cu%253exss/other
/path/foo%25253cu%25253exss/other
/path/foo%26%6C%74%3Bu%26%67%74%3Bxss/other
/path/foo%26%6C%74%3B%75%26%67%74%3Bxss/other
/path/foo%2526%256C%2574%253Bu%2526%2567%2574%253Bxss/other
/path/foo%3Cu%3Exss/other
/path/foo%253Cu%253Exss/other
The idea (abstract) is like:
encodeEntity(payload)
encodeURL(payload)
encodeURL(encodeURL(payload))
encodeURL(encodeURL(encodeURL(payload)))
encodeURL(encodeEntity(payload))
encodeEntity(encodeURL(payload))
encodeEntity(encodeURL(encodeURL(payload)))
The payload can be anywhere in the URL, header or body.
Test in the URL at first glance will be great.
Is there such a plugin, or one which can simply be extended?
Any help appreciated
Achim
BTW, I already have a tool to generate such payloads in the browser
https://www.owasp.org/index.php/Category:OWASP_EnDe
you can nest the encoding functions how ever you like (see [Functions]
button)
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
